Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
0
Helpful
6
Replies

ASA with ssl vpn with no acl in outside interface

Go to solution
mahesh18
Level 6
Level 6

‎04-20-2016 08:34 PM - edited ‎03-12-2019 12:38 AM

Hi everyone,

I have seen one of our clients setup where they have cisco ASA with ssl anyconnect vpn.

on outside interface of vpn asa there is no acl.

Need to know how client traffic is coming from outside world to establish the vpn connections without any permit acl on outside interface?

Regards

Mahesh

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎04-20-2016 08:42 PM

Hi Mahesh,

The command " sysopt connection permit-vpn" tells the ASA to allow the VPN traffic regardless of access-lists.

Check this link:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html

Regards,

Aditya

please rate helpful posts and mark correct answers.

View solution in original post

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to mahesh18

‎04-20-2016 09:10 PM

Hi Mahesh,

Yes you are correct.

Regards,

Aditya

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎04-20-2016 08:42 PM

Hi Mahesh,

The command " sysopt connection permit-vpn" tells the ASA to allow the VPN traffic regardless of access-lists.

Check this link:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/99103-pix-asa-vpn-filter.html

Regards,

Aditya

please rate helpful posts and mark correct answers.

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee

‎04-20-2016 08:43 PM

Hi Mahesh,

You can check this config using the following command :

show run all sysopt

Regards,

Aditya

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Aditya Ganjoo

‎04-20-2016 09:05 PM

here is output 

show run all sysopt
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn********************************1
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp outside
no sysopt noproxyarp inside
no sysopt noproxyarp management

is the config 1 line will allow user vpn connections on outside interface without any acl?

Regards

MAhesh

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to mahesh18

‎04-20-2016 09:10 PM

Hi Mahesh,

Yes you are correct.

Regards,

Aditya

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Aditya Ganjoo

‎04-20-2016 09:15 PM

Many thanks Aditya.

Regards

Mahesh

0 Helpful

Go to solution
Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to mahesh18

‎04-20-2016 09:16 PM

Hi Mahesh,

Happy to help you. :)

Regards,

Aditya

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card